Protocol filter capabilities

[Chuck Swiger]

Alexandre DELAY wrote:
> I am looking for an efficient way to filter different protocols, such as
> edonkey or BEEP.  For the moment, I think that ipfw doesn't support it.

Sure it does.  Start with "deny all" [1] and then add the minimum required open 
ports, preferably only for a proxy server that the clients are required to use 
for all outside access.  Specificly, look at and combine the closed and simple 
firewall types in /etc/rc.firewall.

You might also try to use bandwidth shaping to prioritize P2P behind more 
useful traffic like VOIP.

> Don't you think that it would be a nice thing to be able to include such
> "filters" from, for example, ethereal?
> Ethereal support more than 34k different protocols. It woul be nice to be
> able to choose from those filters and to apply some rules according to those
> filters.

You're talking about a reactive IDS.  You can rig them up using scripts which 
monitor logfiles, or something like /usr/ports/security/snort.

However, I prefer to use IDS for traffic I permit but want to monitor, not 
traffic I already know I want to block.

-- 
-Chuck